# SonarQube Remediation Agent

{% hint style="success" %}
The SonarQube Remediation Agent is a [Beta](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#beta) feature available with the Team (annual) and Enterprise plan accounts. It is free during the beta phase and will be a paid feature when it moves to [General Availability](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#general-availability). To learn more about the terms & conditions, please see our legal page about features in [Early Access](https://www.sonarsource.com/legal/early-access/).
{% endhint %}

The SonarQube Remediation Agent runs an independent review and analysis to help you fix reliability and maintainability issues found in your latest code. It focuses on issues in your backlog, discovered in your main branch analysis, and on issues found in your latest GitHub pull request (PR).

The agent uses a large language model (LLM) to generate fix suggestions in the background and checks that the new code does not introduce new issues before offering the suggestion.

The SonarQube Remediation Agent can suggest fixes in two ways:

* It can fix issues from your backlog when you use the **Assign to Agent** button on the Issues page.
* In addition, it can be triggered by a [pull-request-analysis](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/pull-request-analysis "mention") when your quality gate fails; it does not engage with your branch analysis. See the [#quality-gate-and-metrics](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/pull-request-analysis#quality-gate-and-metrics "mention") article to learn more about how the quality gate is computed during a PR analysis.

## Requirements and limitations

The *SonarQube Remediation Agent*, when enabled, can make fix suggestions in new PRs on private projects in GitHub.

You must have either [automatic-analysis](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/automatic-analysis "mention") enabled or be running a [CI-based analysis](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github#setting-up-a-ci-based-analysis) on your GitHub repository.

The agent can suggest code fixes in the main branch of your backlog and on your pull request for maintainability, reliability, and a select set of security issues found in Java, JavaScript/TypeScript, and Python code; the agent can also suggest fixes for [secrets](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/languages/secrets "mention") detected in your code.

The expandable blocks below list the blocked rules:

<details>

<summary>Unsupported Java rules</summary>

The SonarQube Remediation Agent does not have access to a limited number of rules because they are too complex for an LLM to solve.

java:S113

java:S1130

java:S1134

java:S1135

java:S1144

java:S1228

java:S1874

java:S2188

java:S2260

java:S2638

java:S2699

java:S2970

java:S3551

java:S3776

java:S4488

java:S4605

java:S4738

java:S5785

java:S5838

java:S5841

java:S5853

java:S6126

java:S6204

java:S6539

java:S7467

java:S7476

</details>

<details>

<summary>Unsupported JavaScript rules</summary>

The SonarQube Remediation Agent does not have access to a limited number of rules because they are too complex for an LLM to solve.

javascript:S1134

javascript:S1135

javascript:S1144

javascript:S1529

javascript:S1607

javascript:S2187

javascript:S2234

javascript:S2301

javascript:S2310

javascript:S2870

javascript:S2871

javascript:S2999

javascript:S3776

javascript:S3782

javascript:S3800

javascript:S4123

javascript:S6324

javascript:S6435

javascript:S6440

javascript:S6441

javascript:S6477

javascript:S6478

javascript:S6481

javascript:S6551

javascript:S6594

javascript:S6746

javascript:S6747

javascript:S6748

javascript:S6754

javascript:S6756

javascript:S6757

javascript:S6766

javascript:S6767

javascript:S6774

javascript:S6775

javascript:S6788

javascript:S6790

javascript:S6791

javascript:S6819

javascript:S6957

javascript:S7060

</details>

<details>

<summary>Unsupported Python rules</summary>

The SonarQube Remediation Agent does not have access to a limited number of rules because they are too complex for an LLM to solve.

python:S930

python:S1134

python:S1135

python:S1144

python:S2638

python:S3699

python:S5632

python:S5655

python:S5756

python:S5864

python:S5886

python:S5899

python:S5906

python:S6243

python:S6553

python:S6709

python:S6741

python:S6974

python:S7487

python:S7512

</details>

<details>

<summary>Unsupported TypeScript rules</summary>

The SonarQube Remediation Agent does not have access to a limited number of rules because they are too complex for an LLM to solve.

typescript:S107

typescript:S1134

typescript:S1135

typescript:S1144

typescript:S1607

typescript:S1871

typescript:S1874

typescript:S2187

typescript:S2201

typescript:S2234

typescript:S2310

typescript:S2699

typescript:S3579

typescript:S3776

typescript:S3972

typescript:S3981

typescript:S4043

typescript:S4123

typescript:S4144

typescript:S4323

typescript:S4325

typescript:S4335

typescript:S4623

typescript:S4822

typescript:S5850

typescript:S5860

typescript:S6035

typescript:S6324

typescript:S6325

typescript:S6331

typescript:S6353

typescript:S6440

typescript:S6441

typescript:S6477

typescript:S6478

typescript:S6481

typescript:S6535

typescript:S6544

typescript:S6550

typescript:S6551

typescript:S6557

typescript:S6571

typescript:S6582

typescript:S6583

typescript:S6590

typescript:S6594

typescript:S6606

typescript:S6647

typescript:S6747

typescript:S6748

typescript:S6754

typescript:S6756

typescript:S6757

typescript:S6767

typescript:S6775

typescript:S6788

typescript:S6791

typescript:S6957

typescript:S6959

typescript:S7059

typescript:S7060

typescript:S7647

typescript:S7648

typescript:S7649

typescript:S7650

typescript:S7651

typescript:S7652

typescript:S7653

typescript:S7654

typescript:S7655

typescript:S7725

typescript:S7727

typescript:S7729

typescript:S7732

typescript:S7747

typescript:S7754

typescript:S7755

typescript:S7758

typescript:S7767

typescript:S7780

typescript:S7783

</details>

<details>

<summary>Secrets rules</summary>

All Secrets rules are supported.

</details>

Limits are placed on the agent’s activity to avoid noise in the comment history of your GitHub pull request. Currently, the limit is 20 issues; if more than 20 issues are introduced in your PR, the agent will not be triggered.

{% hint style="warning" %}
The SonarQube Remediation Agent will only work with issues found in one of the supported language types.

Once enabled in SonarQube Cloud, the SonarQube Remediation Agent can be added as a GitHub App to any of your GitHub repositories, regardless of the language type.

Although SonarQube Cloud may find issues in a repository that contains an unsupported language, for example C++, the agent won't be triggered in a pull request because C++ is not a supported language type.
{% endhint %}

## Subscription

The SonarQube Remediation Agent is a [#beta](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#beta "mention") feature available with Team (annual) and Enterprise plan accounts. It is free during the beta phase and will be a paid feature when it moves to [#general-availability](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#general-availability "mention"). To learn more about the terms & conditions for Beta, please see our legal page about features in [Early Access](https://www.sonarsource.com/legal/early-access/).

## Sharing your code with Sonar <a href="#sharing-your-code-with-sonar" id="sharing-your-code-with-sonar"></a>

If you use the SonarQube Remediation Agent, the affected code snippet will be sent by the agent to an LLM to generate a fix suggestion. These suggestions are verified by Sonar before being offered as an issue fix. Service agreements with Sonar’s LLMs prevent your code from being used to train those models and it is not stored by the LLM provider nor by any third party.

For details about terms and conditions, please refer to the [Early Access terms](https://www.sonarsource.com/legal/early-access/) in our [Legal Documentation](https://www.sonarsource.com/legal/).

## Enable your agent

A SonarQube Cloud organization admin and an administrator for your GitHub account are needed to set up Sonar's AI Agent for automated developer workflows:

1. If you haven't already, follow the instructions about [#activating-automatic-analysis](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/automatic-analysis#activating-automatic-analysis "mention") or enabling a [#ci-based-analysis](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github#ci-based-analysis "mention") on your project hosted in a GitHub repository.
2. Navigate to *Your SonarQube Cloud Organization* > **Administration** > **AI capabilities** > **AI agent**.
3. A GitHub administrator needs to install the [SonarQube Agent GitHub app](https://github.com/apps/sonarqube-agent). Under **Install app**, select **GitHub**. The administrator will be prompted to install the app on the GitHub organization already linked to your SonarQube Cloud organization. If installed, the agent will be granted:
   * Read and write access to code and pull requests,
   * Read-only access to issues and metadata.
4. Choose either **All repositories** or **Only select repositories** to control which repositories the AI agent can access. Once you've made your selection, select **Install & Authorize** to finish the setup. Please note that the installation may take a few seconds to complete.
5. After all the steps are successfully finished, the **AI agent** > **Enable agent** > **Pull request fixes** and **Backlog fixes** options will be automatically selected in SonarQube Cloud. You will be able to commit the agent’s suggestions directly from your PRs and the **Assign to Agent** button will be available on the **Issues** page for selected projects.

## Manage agent access

The SonarQube Remediation agent only has access to the repositories defined in GitHub. To change repository access, a GitHub administrator who is also a SonarCloud Administrator can navigate in SonarQube Cloud to *Your Organization* > **Administration** > **AI capabilities** > **AI agent**. Under **Install app**, select **Manage Permissions**, which takes you to your GitHub Apps page.

Alternatively, a GitHub administrator can navigate in GitHub to *Your GitHub Organization* > **Settings** > **Third-party Access** > **GitHub Apps**. Under **Installed GitHub Apps** > **SonarQube Agent**, select **Configure**.

* In GitHub, under **SonarQube Agent** > **Repository access**, add or remove your repositories from the list. When finished, select **Save** to confirm your selection.
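One way to check that an installed app still matches the access described on this page (read and write on code and pull requests, read-only on issues and metadata) and that its repository scope is as narrow as you intended. This is an added example, not Sonar's code; it assumes that those grants correspond to GitHub's permission keys `contents`/`pull_requests` (write) and `issues`/`metadata` (read), and the installation record it inspects is a constructed sample shaped like one element of the `installations` array returned by GitHub's `GET /orgs/{org}/installations` endpoint.

```python
"""Audit a GitHub App installation record against the documented grants.

Added example, not Sonar's code. Assumption: the access described in the
docs maps to the GitHub permission keys listed in EXPECTED. The SAMPLE
record below is constructed; a real one comes from the "installations"
array of GET /orgs/{org}/installations.
"""
import json

# Assumed mapping of the documented grants to GitHub permission keys.
EXPECTED = {"contents": "write", "pull_requests": "write",
            "issues": "read", "metadata": "read"}
RANK = {"read": 1, "write": 2, "admin": 3}

# Constructed sample of an installation whose grants have drifted.
SAMPLE = json.loads("""{
  "app_slug": "sonarqube-agent",
  "repository_selection": "all",
  "permissions": {"contents": "write", "pull_requests": "write",
                  "issues": "write", "metadata": "read",
                  "workflows": "write"}
}""")


def audit_installation(inst):
    """Return a list of findings; an empty list means the record matches."""
    findings = []
    perms = inst.get("permissions", {})
    for key, level in perms.items():
        want = EXPECTED.get(key)
        if want is None:
            findings.append(f"unexpected permission {key}={level}")
        elif RANK.get(level, 99) > RANK[want]:
            findings.append(f"{key} is {level}, docs describe {want}")
    for key, want in EXPECTED.items():
        if key not in perms:
            findings.append(f"missing permission {key}={want}")
    if inst.get("repository_selection") == "all":
        findings.append("repository_selection=all: the agent reaches every "
                        "repository; prefer 'Only select repositories'")
    return findings


if __name__ == "__main__":
    for finding in audit_installation(SAMPLE):
        print("-", finding)
```

Run it against each installation returned for your organization after any change made through **Manage Permissions** or the GitHub Apps page.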

### Disable or suspend agent access

It is possible to disable the SonarQube Remediation agent in SonarQube Cloud or in GitHub, if you prefer.

A SonarCloud Administrator can navigate to *Your Organization* > **Administration** > **AI capabilities** > **AI agent** > **Enable agent** and unselect **Remediation agent**. Once **Save** is selected, the agent will no longer be triggered in GitHub.

To suspend or uninstall SonarQube Agent completely, navigate in GitHub to *Your GitHub Organization* > **Third-party Access** > **GitHub Apps** > **SonarQube Agent** > **Danger zone** and select **Suspend** or **Uninstall**.

* **Suspend** will block the agent’s access to your repositories. Choosing this option is the easiest way to restart the agent, when you're ready.
* If you select and confirm **Uninstall**, the SonarQube Agent will be removed from all of your repositories and from your SonarQube Cloud Organization. The agent's activity will remain in your PR history, but if you want to use the agent again, you must return to the beginning of [#enable-your-agent](#enable-your-agent "mention").

## Agent behavior

The SonarQube Remediation Agent suggests changes to pull requests in GitHub when it is triggered by a failing quality gate. It can also fix issues from your backlog when you use the **Assign to Agent** button on the Issues page.

* **Pull request fixes**: When your quality gate fails during PR analysis, the agent is triggered and suggests fixes in the PR. Its behavior and how to engage with it are described on the [agents-in-your-github-pull-request](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/issues/with-ai-features/agents-in-your-github-pull-request "mention") page.
* **Backlog fixes**: You can select issues from your main branch and assign them to the agent; it opens a new PR in GitHub for each fix suggestion you assign. For details, see the [agent-backlog-fixes](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/issues/with-ai-features/agent-backlog-fixes "mention") page.
